arcticbit, posted January 6, 2012:

I had whmcs v. 4.1.2 Patch without security. I got a suspicious support ticket: "Subject: {php}evaL(base64_decode...". What to check after this? The directory templates_c has 800 files, and one file lists all the users (account:passwords) on the server. Is that normal? Can I delete the files in templates_c?

TommyK, posted January 6, 2012:

It's safe to delete the files in your templates_c folder, but you should keep a copy if you need to do some further forensics. Did your templates_c reside in the root? Any suspicious admin activity? They might have changed the password or added admin users to your whmcs. Take all possible security precautions. Update and then replace your installation of whmcs with a new set of files.

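Added example, not part of the thread and not any poster's or WHMCS's own code: one way to keep the forensic copy of templates_c suggested above before deleting anything, recording a SHA-256 per file and flagging files that contain the `eval(base64_decode` string seen in the ticket subject. The function names, directory layout and sample files are assumptions constructed for illustration; a flagged file is a lead for review, and an unflagged one is not proof of a clean file.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Marker from the ticket subject quoted in the thread. Matched case-insensitively
# because the subject used mixed case ("evaL"); whitespace is tolerated.
MARKER = re.compile(rb"eval\s*\(\s*base64_decode", re.IGNORECASE)

def preserve_and_triage(cache_dir, evidence_dir):
    """Copy every file under cache_dir into evidence_dir before cleanup.

    Returns (manifest, flagged): manifest maps each relative path to its
    SHA-256, flagged lists the relative paths whose content matches MARKER.
    """
    cache_dir, evidence_dir = Path(cache_dir), Path(evidence_dir)
    manifest, flagged = {}, []
    for src in sorted(p for p in cache_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(cache_dir).as_posix()
        data = src.read_bytes()
        dst = evidence_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps modification times for the timeline
        manifest[rel] = hashlib.sha256(data).hexdigest()
        if MARKER.search(data):
            flagged.append(rel)
    return manifest, flagged

def demo():
    """Run the triage on a constructed directory (both files are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp, "templates_c")
        cache.mkdir()
        (cache / "a.tpl.php").write_bytes(b"<?php echo 'Hello'; ?>")
        # Constructed sample; the base64 string decodes to the harmless "echo 1;".
        (cache / "b.tpl.php").write_bytes(b"<?php evaL(base64_decode('ZWNobyAxOw==')); ?>")
        return preserve_and_triage(cache, Path(tmp, "evidence"))

if __name__ == "__main__":
    manifest, flagged = demo()
    for rel, digest in manifest.items():
        print(digest, rel, "FLAGGED" if rel in flagged else "")
```

Write the evidence copy to storage outside the web root, and keep the manifest with it so the copy can be checked against it later.
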
bear, posted January 6, 2012:

> one file list all the users (account:passwords) on server. Is that normal?

Absolutely not normal. This is likely a result of the hack succeeding.

mylove4life, posted January 6, 2012:

Yes it is... You need to take that server offline ASAP... I would then have an admin look at the server to see if they can just delete files or if they need to do a complete OS wipe and reinstall...

> Absolutely not normal. This is likely a result of the hack succeeding.